[Haskell-cafe] Re: Password hashing
Achim Schneider
barsoap at web.de
Wed Oct 29 13:43:37 EDT 2008
Bulat Ziganshin <bulat.ziganshin at gmail.com> wrote:
> Hello Bit,
>
> Wednesday, October 29, 2008, 4:32:51 PM, you wrote:
>
> >> It's a good idea to salt your passwords before hashing, though. See
> > What can be used for generating a random salt? Is System.Random
> > secure enough?
>
> if you use mkStdRNG it's good enough for non high-secure programs. it
> inits rnd generator with current time upo to picoseconds (if your OS
> provides such granularity). you can add a bit f security by reading a
> few bytes from /dev/urandom and passing these to mkStdRNG
>
...or by pinging a random host and taking the time difference, checking
the current cpu temperature and fan speed, counting how many times
your process gets suspended in a certain amount of time, taking a
picture of a lava lamp and hashing it, booting windows, not doing
anything, and measure the time it takes to crash, hashing a snapshot
of the slashdot frontpage, and, last, but not least, measuring the
amount of spam per second currently swooshing into your mail account.
--
(c) this sig last receiving data processing entity. Inspect headers
for copyright history. All rights reserved. Copying, hiring, renting,
performance and/or quoting of this signature prohibited.
More information about the Haskell-Cafe
mailing list